How to Encrypt Files with Tomb on Ubuntu 16.04 LTS

Most people regard file encryption as a necessity nowadays, even on Linux systems. If, like me, you were originally attracted to Ubuntu because of the enhanced security of Linux systems, I’m afraid I’ve got bad news for you: Linux has become a victim of its own success. The vast increase in the number of users over recent years has led to attacks and theft on such systems growing exponentially.

There used to be a pretty easy solution to encrypting files on Linux systems like Ubuntu: it was called Truecrypt. Up until 2015, it offered varying levels of military-grade encryption, and worked well with most Linux systems. Unfortunately, it has since been discontinued, and has therefore become pretty insecure.

The Alternatives

Luckily, there are a few alternatives to Truecrypt. The direct successor of Truecrypt was Veracrypt, made by a group of developers who took the source code from Truecrypt and kept it updated.

The project has since grown into an impressive standalone system, but is now showing its age. Old systems, and especially those that deal with security, can only be updated so many times without introducing vulnerabilities.

For this reason, among many others, it’s worth looking a bit further afield for encryption software. My choice would be Tomb.

Why Tomb?

In some ways, Tomb is pretty similar to other encryption software. It stores encrypted files in dedicated “Tomb Folders”, allowing you to quickly see which files you have encrypted.

It also uses a similar encryption standard to Veracrypt, AES-256. This standard is applied by everyone from the NSA to Microsoft to Apple, and is regarded as one of the most secure encryption ciphers available. If you’re new to encryption, it’s worth reading a bit of the background behind the technology, but if you just want fast, secure encryption, don’t worry: Tomb will deliver.

There are a couple of big differences with Tomb. The first is that it has been developed specifically for GNU/Linux systems, cutting out some of the compatibility issues of broader encryption software.

The second is that, although Tomb is open source, it makes use of statically linked libraries so that its source code is hard to audit. That means that it is not considered free by some OS distributors, but when it comes to security software this is actually a good thing: it means that Tomb is less likely to be hacked than completely “free” software.

Lastly, it has several advanced features like steganography, which allows you to hide your key files within another file. And though Tomb is primarily a command-line tool, it also comes with a GUI interface, gtomb, which allows beginners to use it graphically.

Sold? Well, before I take you through how to use Tomb, it’s worth noting that no encryption software can offer total protection. Tomb will not hide your online computing from your ISP, and nor does it protect files stored in the cloud. If you want to fully encrypt cloud storage, you’ll need to log into your preferred storage service using the Tor browser and a zero-logging VPN. There are plenty of options available here, but Trust Zone is a good browser, and Tinc is a good VPN tool.

All that said, if you are looking for fast, easy, secure encryption for Ubuntu 16.04, Tomb is undoubtedly the way to go. Let’s get you started.

Installing Tomb on Ubuntu 16.04

Because Tomb was made especially for Linux, install is super easy.

A couple of years back, the guys over at SparkyLinux (which is a pretty good Debian derivative in its own right) added Tomb to their official repositories. You can install it on your Ubuntu system by adding these repositories.

You then need to update your repositories, using the standard command:

sudo apt-get update

And then simply install Tomb using apt:

sudo apt-get install tomb

If you want the GUI, install is just as easy. Just use apt to install gtomb:

sudo apt-get install gtomb

And that’s it: you should now have a working version of Tomb installed. Let’s look at how to use it.

Using Tomb

Using Tomb Through The Command Line

Tomb is primarily a command line tool, so I’ll cover this usage first. If you are not comfortable with using a terminal, you can skip this section and look below.

Actually, scratch that. If you’ve never used the command line before, Tomb is a great place to start, because it uses simple commands and there is little chance of you messing something up as long as you are careful.

Tomb actually uses a pretty amusing set of commands, all graveyard-themed. Each encrypted folder is referred to as a “tomb”, and (as I’ll come to shortly) they can be worked with using similarly Gothic commands.

First, let’s make a new tomb. You can specify the name and the size of your new tomb, so let’s use “Tomb1”, and make it 100MB.

A note here: because I’m just showing you what to do, I’ve stored my key and tomb in the same directory (in this case $HOME). You shouldn’t do this – store your key somewhere else, preferably where no-one but you is going to find it.

You’ll need to remember where you stored it, however, because you need it to unlock your tomb. To do this, enter:

sudo tomb open Tomb1.tomb -k path/to/your/Tomb1.tomb.key

Enter your password, and you should be in. Tomb will generate something like:

You can now save and open files from the tomb, but note that you will need root privileges in order to do so.

To unmount your tomb after you have finished using it, close it by using:

sudo tomb close

Or, if you want to force close all open tombs, you can use:

sudo tomb slam all
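
The tomb-creation step and the key-placement advice above can be combined in one script. This is an added example, not part of the original article or the Tomb project: it runs the dig, forge and lock commands (the same steps the gtomb section names) and refuses to lock the tomb if the key sits in the same directory or is accessible to other users. The helper names `dir_of`, `key_placement_ok` and `make_tomb`, and the paths in the usage comment, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a tomb, but only lock it with a sensibly stored key.
# dir_of, key_placement_ok and make_tomb are hypothetical helper names.

# Print the physical (symlink-resolved) directory that holds a file.
dir_of() ( cd "$(dirname "$1")" && pwd -P )

# Return 0 only if the key lives in a different directory from the tomb
# and carries no permission bits for group or others.
key_placement_ok() (
    tomb_file=$1 key_file=$2
    [ -f "$key_file" ] || { echo "no key file: $key_file" >&2; exit 2; }
    if [ "$(dir_of "$tomb_file")" = "$(dir_of "$key_file")" ]; then
        echo "key is stored next to the tomb" >&2; exit 1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$key_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key is accessible to group/others ($perms)" >&2; exit 1
    fi
)

# Dig the container, forge the key, check the key's placement, then lock.
# size is the number handed to "tomb dig -s" (100 for the article's Tomb1).
make_tomb() {
    tomb_file=$1 size=$2 key_file=$3
    tomb dig -s "$size" "$tomb_file" &&
    tomb forge "$key_file" &&
    chmod 600 "$key_file" &&
    key_placement_ok "$tomb_file" "$key_file" &&
    tomb lock "$tomb_file" -k "$key_file"
}

# Usage (paths are illustrative):
#   sh make-tomb.sh create "$HOME/Tomb1.tomb" 100 /media/usb/Tomb1.tomb.key
if [ "${1:-}" = "create" ]; then
    make_tomb "$2" "$3" "$4"
fi
```

`key_placement_ok` can also be run on its own against an existing tomb and key before each `tomb open`.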

Using Tomb Through The GUI

If you are uncomfortable using the command line, or simply just want a graphical interface, you can use gtomb. Unlike a lot of GUI wrappers, gtomb is pretty straightforward to use.

Let’s look at how to set up a new tomb using gtomb. First, launch gtomb from the Menu. It will probably look like this:

Everything is pretty self-explanatory, but for the sake of completeness I’ll run through how to set up your first tomb.

To start, click on the first option, “dig”. Click OK, and then choose a location.

Next, enter the size of your tomb:

You’ve now got a new tomb, but you need to make a key before you can use it. To do this, click “forge” from the main menu:

Tomb will ask you to enter a passcode twice, so do that.

Then lock your tomb using the key by clicking, you’ve guessed it, “lock”. To open it, click “open” and enter your passcode again.

As you can see from the screenshot above, usage of gtomb is really easy, and you shouldn’t encounter any problems. Most common tasks can be done with a few clicks, and for anything more complicated you can use the command line.

Final Thoughts

That’s it! You should now have your first tomb set up and ready to go. Store anything you want to keep secret and secure in tombs, and this information will be much more secure.

You can use multiple tombs at the same time, and bind the files in them to your $HOME directory, so your programs don’t get confused.

I hope this guide has helped you get started. Using your tombs is just like using a standard folder, but for more complex commands you can always check the Tomb Official Guide.

Comments

Thx for all the explanations, but as not a nerd, it is heavy stuff, and not any logic in it. Why not just an application with mouse. Add the files you want to encrypt, give localisation possibility to store, click and done? Do you know a program that can do it simple like this?

I am running Ubuntu Mate. We need encryption on evidence files that our small security agency wants to send to police. As director I cannot afford an ICT specialist. I do not mind putting some effort in it, but this is almost a whole education you spread out here. My computing level is low. I only work with prog. with mouse, as power user. Linux is so great, but should be far better accessible for non nerds.